xref: /linux/fs/configfs/dir.c (revision a1c3be890440a1769ed6f822376a3e3ab0d42994)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* -*- mode: c; c-basic-offset: 8; -*-
3  * vim: noexpandtab sw=8 ts=8 sts=0:
4  *
5  * dir.c - Operations for configfs directories.
6  *
7  * Based on sysfs:
8  * 	sysfs is Copyright (C) 2001, 2002, 2003 Patrick Mochel
9  *
10  * configfs Copyright (C) 2005 Oracle.  All rights reserved.
11  */
12 
13 #undef DEBUG
14 
15 #include <linux/fs.h>
16 #include <linux/fsnotify.h>
17 #include <linux/mount.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
20 #include <linux/err.h>
21 
22 #include <linux/configfs.h>
23 #include "configfs_internal.h"
24 
25 /*
26  * Protects mutations of configfs_dirent linkage together with proper i_mutex
27  * Also protects mutations of symlinks linkage to target configfs_dirent
28  * Mutators of configfs_dirent linkage must *both* have the proper inode locked
29  * and configfs_dirent_lock locked, in that order.
30  * This allows one to safely traverse configfs_dirent trees and symlinks without
31  * having to lock inodes.
32  *
33  * Protects setting of CONFIGFS_USET_DROPPING: checking the flag
34  * unlocked is not reliable unless in detach_groups() called from
35  * rmdir()/unregister() and from configfs_attach_group()
36  */
37 DEFINE_SPINLOCK(configfs_dirent_lock);
38 
39 static void configfs_d_iput(struct dentry * dentry,
40 			    struct inode * inode)
41 {
42 	struct configfs_dirent *sd = dentry->d_fsdata;
43 
44 	if (sd) {
45 		/* Coordinate with configfs_readdir */
46 		spin_lock(&configfs_dirent_lock);
47 		/*
48 		 * Set sd->s_dentry to null only when this dentry is the one
49 		 * that is going to be killed.  Otherwise configfs_d_iput may
50 		 * run just after configfs_attach_attr and set sd->s_dentry to
51 		 * NULL even it's still in use.
52 		 */
53 		if (sd->s_dentry == dentry)
54 			sd->s_dentry = NULL;
55 
56 		spin_unlock(&configfs_dirent_lock);
57 		configfs_put(sd);
58 	}
59 	iput(inode);
60 }
61 
62 const struct dentry_operations configfs_dentry_ops = {
63 	.d_iput		= configfs_d_iput,
64 	.d_delete	= always_delete_dentry,
65 };
66 
67 #ifdef CONFIG_LOCKDEP
68 
69 /*
70  * Helpers to make lockdep happy with our recursive locking of default groups'
71  * inodes (see configfs_attach_group() and configfs_detach_group()).
72  * We put default groups i_mutexes in separate classes according to their depth
73  * from the youngest non-default group ancestor.
74  *
75  * For a non-default group A having default groups A/B, A/C, and A/C/D, default
76  * groups A/B and A/C will have their inode's mutex in class
77  * default_group_class[0], and default group A/C/D will be in
78  * default_group_class[1].
79  *
80  * The lock classes are declared and assigned in inode.c, according to the
81  * s_depth value.
82  * The s_depth value is initialized to -1, adjusted to >= 0 when attaching
83  * default groups, and reset to -1 when all default groups are attached. During
84  * attachment, if configfs_create() sees s_depth > 0, the lock class of the new
85  * inode's mutex is set to default_group_class[s_depth - 1].
86  */
87 
88 static void configfs_init_dirent_depth(struct configfs_dirent *sd)
89 {
90 	sd->s_depth = -1;
91 }
92 
93 static void configfs_set_dir_dirent_depth(struct configfs_dirent *parent_sd,
94 					  struct configfs_dirent *sd)
95 {
96 	int parent_depth = parent_sd->s_depth;
97 
98 	if (parent_depth >= 0)
99 		sd->s_depth = parent_depth + 1;
100 }
101 
102 static void
103 configfs_adjust_dir_dirent_depth_before_populate(struct configfs_dirent *sd)
104 {
105 	/*
106 	 * item's i_mutex class is already setup, so s_depth is now only
107 	 * used to set new sub-directories s_depth, which is always done
108 	 * with item's i_mutex locked.
109 	 */
110 	/*
111 	 *  sd->s_depth == -1 iff we are a non default group.
112 	 *  else (we are a default group) sd->s_depth > 0 (see
113 	 *  create_dir()).
114 	 */
115 	if (sd->s_depth == -1)
116 		/*
117 		 * We are a non default group and we are going to create
118 		 * default groups.
119 		 */
120 		sd->s_depth = 0;
121 }
122 
123 static void
124 configfs_adjust_dir_dirent_depth_after_populate(struct configfs_dirent *sd)
125 {
126 	/* We will not create default groups anymore. */
127 	sd->s_depth = -1;
128 }
129 
130 #else /* CONFIG_LOCKDEP */
131 
132 static void configfs_init_dirent_depth(struct configfs_dirent *sd)
133 {
134 }
135 
136 static void configfs_set_dir_dirent_depth(struct configfs_dirent *parent_sd,
137 					  struct configfs_dirent *sd)
138 {
139 }
140 
141 static void
142 configfs_adjust_dir_dirent_depth_before_populate(struct configfs_dirent *sd)
143 {
144 }
145 
146 static void
147 configfs_adjust_dir_dirent_depth_after_populate(struct configfs_dirent *sd)
148 {
149 }
150 
151 #endif /* CONFIG_LOCKDEP */
152 
153 static struct configfs_fragment *new_fragment(void)
154 {
155 	struct configfs_fragment *p;
156 
157 	p = kmalloc(sizeof(struct configfs_fragment), GFP_KERNEL);
158 	if (p) {
159 		atomic_set(&p->frag_count, 1);
160 		init_rwsem(&p->frag_sem);
161 		p->frag_dead = false;
162 	}
163 	return p;
164 }
165 
166 void put_fragment(struct configfs_fragment *frag)
167 {
168 	if (frag && atomic_dec_and_test(&frag->frag_count))
169 		kfree(frag);
170 }
171 
172 struct configfs_fragment *get_fragment(struct configfs_fragment *frag)
173 {
174 	if (likely(frag))
175 		atomic_inc(&frag->frag_count);
176 	return frag;
177 }
178 
179 /*
180  * Allocates a new configfs_dirent and links it to the parent configfs_dirent
181  */
182 static struct configfs_dirent *configfs_new_dirent(struct configfs_dirent *parent_sd,
183 						   void *element, int type,
184 						   struct configfs_fragment *frag)
185 {
186 	struct configfs_dirent * sd;
187 
188 	sd = kmem_cache_zalloc(configfs_dir_cachep, GFP_KERNEL);
189 	if (!sd)
190 		return ERR_PTR(-ENOMEM);
191 
192 	atomic_set(&sd->s_count, 1);
193 	INIT_LIST_HEAD(&sd->s_children);
194 	sd->s_element = element;
195 	sd->s_type = type;
196 	configfs_init_dirent_depth(sd);
197 	spin_lock(&configfs_dirent_lock);
198 	if (parent_sd->s_type & CONFIGFS_USET_DROPPING) {
199 		spin_unlock(&configfs_dirent_lock);
200 		kmem_cache_free(configfs_dir_cachep, sd);
201 		return ERR_PTR(-ENOENT);
202 	}
203 	sd->s_frag = get_fragment(frag);
204 	list_add(&sd->s_sibling, &parent_sd->s_children);
205 	spin_unlock(&configfs_dirent_lock);
206 
207 	return sd;
208 }
209 
210 /*
211  *
212  * Return -EEXIST if there is already a configfs element with the same
213  * name for the same parent.
214  *
215  * called with parent inode's i_mutex held
216  */
217 static int configfs_dirent_exists(struct configfs_dirent *parent_sd,
218 				  const unsigned char *new)
219 {
220 	struct configfs_dirent * sd;
221 
222 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
223 		if (sd->s_element) {
224 			const unsigned char *existing = configfs_get_name(sd);
225 			if (strcmp(existing, new))
226 				continue;
227 			else
228 				return -EEXIST;
229 		}
230 	}
231 
232 	return 0;
233 }
234 
235 
236 int configfs_make_dirent(struct configfs_dirent * parent_sd,
237 			 struct dentry * dentry, void * element,
238 			 umode_t mode, int type, struct configfs_fragment *frag)
239 {
240 	struct configfs_dirent * sd;
241 
242 	sd = configfs_new_dirent(parent_sd, element, type, frag);
243 	if (IS_ERR(sd))
244 		return PTR_ERR(sd);
245 
246 	sd->s_mode = mode;
247 	sd->s_dentry = dentry;
248 	if (dentry)
249 		dentry->d_fsdata = configfs_get(sd);
250 
251 	return 0;
252 }
253 
254 static void configfs_remove_dirent(struct dentry *dentry)
255 {
256 	struct configfs_dirent *sd = dentry->d_fsdata;
257 
258 	if (!sd)
259 		return;
260 	spin_lock(&configfs_dirent_lock);
261 	list_del_init(&sd->s_sibling);
262 	spin_unlock(&configfs_dirent_lock);
263 	configfs_put(sd);
264 }
265 
266 /**
267  *	configfs_create_dir - create a directory for an config_item.
268  *	@item:		config_itemwe're creating directory for.
269  *	@dentry:	config_item's dentry.
270  *	@frag:		config_item's fragment.
271  *
272  *	Note: user-created entries won't be allowed under this new directory
273  *	until it is validated by configfs_dir_set_ready()
274  */
275 
276 static int configfs_create_dir(struct config_item *item, struct dentry *dentry,
277 				struct configfs_fragment *frag)
278 {
279 	int error;
280 	umode_t mode = S_IFDIR| S_IRWXU | S_IRUGO | S_IXUGO;
281 	struct dentry *p = dentry->d_parent;
282 	struct inode *inode;
283 
284 	BUG_ON(!item);
285 
286 	error = configfs_dirent_exists(p->d_fsdata, dentry->d_name.name);
287 	if (unlikely(error))
288 		return error;
289 
290 	error = configfs_make_dirent(p->d_fsdata, dentry, item, mode,
291 				     CONFIGFS_DIR | CONFIGFS_USET_CREATING,
292 				     frag);
293 	if (unlikely(error))
294 		return error;
295 
296 	configfs_set_dir_dirent_depth(p->d_fsdata, dentry->d_fsdata);
297 	inode = configfs_create(dentry, mode);
298 	if (IS_ERR(inode))
299 		goto out_remove;
300 
301 	inode->i_op = &configfs_dir_inode_operations;
302 	inode->i_fop = &configfs_dir_operations;
303 	/* directory inodes start off with i_nlink == 2 (for "." entry) */
304 	inc_nlink(inode);
305 	d_instantiate(dentry, inode);
306 	/* already hashed */
307 	dget(dentry);  /* pin directory dentries in core */
308 	inc_nlink(d_inode(p));
309 	item->ci_dentry = dentry;
310 	return 0;
311 
312 out_remove:
313 	configfs_remove_dirent(dentry);
314 	return PTR_ERR(inode);
315 }
316 
317 /*
318  * Allow userspace to create new entries under a new directory created with
319  * configfs_create_dir(), and under all of its chidlren directories recursively.
320  * @sd		configfs_dirent of the new directory to validate
321  *
322  * Caller must hold configfs_dirent_lock.
323  */
324 static void configfs_dir_set_ready(struct configfs_dirent *sd)
325 {
326 	struct configfs_dirent *child_sd;
327 
328 	sd->s_type &= ~CONFIGFS_USET_CREATING;
329 	list_for_each_entry(child_sd, &sd->s_children, s_sibling)
330 		if (child_sd->s_type & CONFIGFS_USET_CREATING)
331 			configfs_dir_set_ready(child_sd);
332 }
333 
334 /*
335  * Check that a directory does not belong to a directory hierarchy being
336  * attached and not validated yet.
337  * @sd		configfs_dirent of the directory to check
338  *
339  * @return	non-zero iff the directory was validated
340  *
341  * Note: takes configfs_dirent_lock, so the result may change from false to true
342  * in two consecutive calls, but never from true to false.
343  */
344 int configfs_dirent_is_ready(struct configfs_dirent *sd)
345 {
346 	int ret;
347 
348 	spin_lock(&configfs_dirent_lock);
349 	ret = !(sd->s_type & CONFIGFS_USET_CREATING);
350 	spin_unlock(&configfs_dirent_lock);
351 
352 	return ret;
353 }
354 
355 int configfs_create_link(struct configfs_dirent *target, struct dentry *parent,
356 		struct dentry *dentry, char *body)
357 {
358 	int err = 0;
359 	umode_t mode = S_IFLNK | S_IRWXUGO;
360 	struct configfs_dirent *p = parent->d_fsdata;
361 	struct inode *inode;
362 
363 	err = configfs_make_dirent(p, dentry, target, mode, CONFIGFS_ITEM_LINK,
364 			p->s_frag);
365 	if (err)
366 		return err;
367 
368 	inode = configfs_create(dentry, mode);
369 	if (IS_ERR(inode))
370 		goto out_remove;
371 
372 	inode->i_link = body;
373 	inode->i_op = &configfs_symlink_inode_operations;
374 	d_instantiate(dentry, inode);
375 	dget(dentry);  /* pin link dentries in core */
376 	return 0;
377 
378 out_remove:
379 	configfs_remove_dirent(dentry);
380 	return PTR_ERR(inode);
381 }
382 
383 static void remove_dir(struct dentry * d)
384 {
385 	struct dentry * parent = dget(d->d_parent);
386 
387 	configfs_remove_dirent(d);
388 
389 	if (d_really_is_positive(d))
390 		simple_rmdir(d_inode(parent),d);
391 
392 	pr_debug(" o %pd removing done (%d)\n", d, d_count(d));
393 
394 	dput(parent);
395 }
396 
397 /**
398  * configfs_remove_dir - remove an config_item's directory.
399  * @item:	config_item we're removing.
400  *
401  * The only thing special about this is that we remove any files in
402  * the directory before we remove the directory, and we've inlined
403  * what used to be configfs_rmdir() below, instead of calling separately.
404  *
405  * Caller holds the mutex of the item's inode
406  */
407 
408 static void configfs_remove_dir(struct config_item * item)
409 {
410 	struct dentry * dentry = dget(item->ci_dentry);
411 
412 	if (!dentry)
413 		return;
414 
415 	remove_dir(dentry);
416 	/**
417 	 * Drop reference from dget() on entrance.
418 	 */
419 	dput(dentry);
420 }
421 
422 
423 /* attaches attribute's configfs_dirent to the dentry corresponding to the
424  * attribute file
425  */
426 static int configfs_attach_attr(struct configfs_dirent * sd, struct dentry * dentry)
427 {
428 	struct configfs_attribute * attr = sd->s_element;
429 	struct inode *inode;
430 
431 	spin_lock(&configfs_dirent_lock);
432 	dentry->d_fsdata = configfs_get(sd);
433 	sd->s_dentry = dentry;
434 	spin_unlock(&configfs_dirent_lock);
435 
436 	inode = configfs_create(dentry, (attr->ca_mode & S_IALLUGO) | S_IFREG);
437 	if (IS_ERR(inode)) {
438 		configfs_put(sd);
439 		return PTR_ERR(inode);
440 	}
441 	if (sd->s_type & CONFIGFS_ITEM_BIN_ATTR) {
442 		inode->i_size = 0;
443 		inode->i_fop = &configfs_bin_file_operations;
444 	} else {
445 		inode->i_size = PAGE_SIZE;
446 		inode->i_fop = &configfs_file_operations;
447 	}
448 	d_add(dentry, inode);
449 	return 0;
450 }
451 
452 static struct dentry * configfs_lookup(struct inode *dir,
453 				       struct dentry *dentry,
454 				       unsigned int flags)
455 {
456 	struct configfs_dirent * parent_sd = dentry->d_parent->d_fsdata;
457 	struct configfs_dirent * sd;
458 	int found = 0;
459 	int err;
460 
461 	/*
462 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
463 	 * being attached
464 	 *
465 	 * This forbids userspace to read/write attributes of items which may
466 	 * not complete their initialization, since the dentries of the
467 	 * attributes won't be instantiated.
468 	 */
469 	err = -ENOENT;
470 	if (!configfs_dirent_is_ready(parent_sd))
471 		goto out;
472 
473 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
474 		if (sd->s_type & CONFIGFS_NOT_PINNED) {
475 			const unsigned char * name = configfs_get_name(sd);
476 
477 			if (strcmp(name, dentry->d_name.name))
478 				continue;
479 
480 			found = 1;
481 			err = configfs_attach_attr(sd, dentry);
482 			break;
483 		}
484 	}
485 
486 	if (!found) {
487 		/*
488 		 * If it doesn't exist and it isn't a NOT_PINNED item,
489 		 * it must be negative.
490 		 */
491 		if (dentry->d_name.len > NAME_MAX)
492 			return ERR_PTR(-ENAMETOOLONG);
493 		d_add(dentry, NULL);
494 		return NULL;
495 	}
496 
497 out:
498 	return ERR_PTR(err);
499 }
500 
501 /*
502  * Only subdirectories count here.  Files (CONFIGFS_NOT_PINNED) are
503  * attributes and are removed by rmdir().  We recurse, setting
504  * CONFIGFS_USET_DROPPING on all children that are candidates for
505  * default detach.
506  * If there is an error, the caller will reset the flags via
507  * configfs_detach_rollback().
508  */
509 static int configfs_detach_prep(struct dentry *dentry, struct dentry **wait)
510 {
511 	struct configfs_dirent *parent_sd = dentry->d_fsdata;
512 	struct configfs_dirent *sd;
513 	int ret;
514 
515 	/* Mark that we're trying to drop the group */
516 	parent_sd->s_type |= CONFIGFS_USET_DROPPING;
517 
518 	ret = -EBUSY;
519 	if (parent_sd->s_links)
520 		goto out;
521 
522 	ret = 0;
523 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling) {
524 		if (!sd->s_element ||
525 		    (sd->s_type & CONFIGFS_NOT_PINNED))
526 			continue;
527 		if (sd->s_type & CONFIGFS_USET_DEFAULT) {
528 			/* Abort if racing with mkdir() */
529 			if (sd->s_type & CONFIGFS_USET_IN_MKDIR) {
530 				if (wait)
531 					*wait= dget(sd->s_dentry);
532 				return -EAGAIN;
533 			}
534 
535 			/*
536 			 * Yup, recursive.  If there's a problem, blame
537 			 * deep nesting of default_groups
538 			 */
539 			ret = configfs_detach_prep(sd->s_dentry, wait);
540 			if (!ret)
541 				continue;
542 		} else
543 			ret = -ENOTEMPTY;
544 
545 		break;
546 	}
547 
548 out:
549 	return ret;
550 }
551 
552 /*
553  * Walk the tree, resetting CONFIGFS_USET_DROPPING wherever it was
554  * set.
555  */
556 static void configfs_detach_rollback(struct dentry *dentry)
557 {
558 	struct configfs_dirent *parent_sd = dentry->d_fsdata;
559 	struct configfs_dirent *sd;
560 
561 	parent_sd->s_type &= ~CONFIGFS_USET_DROPPING;
562 
563 	list_for_each_entry(sd, &parent_sd->s_children, s_sibling)
564 		if (sd->s_type & CONFIGFS_USET_DEFAULT)
565 			configfs_detach_rollback(sd->s_dentry);
566 }
567 
568 static void detach_attrs(struct config_item * item)
569 {
570 	struct dentry * dentry = dget(item->ci_dentry);
571 	struct configfs_dirent * parent_sd;
572 	struct configfs_dirent * sd, * tmp;
573 
574 	if (!dentry)
575 		return;
576 
577 	pr_debug("configfs %s: dropping attrs for  dir\n",
578 		 dentry->d_name.name);
579 
580 	parent_sd = dentry->d_fsdata;
581 	list_for_each_entry_safe(sd, tmp, &parent_sd->s_children, s_sibling) {
582 		if (!sd->s_element || !(sd->s_type & CONFIGFS_NOT_PINNED))
583 			continue;
584 		spin_lock(&configfs_dirent_lock);
585 		list_del_init(&sd->s_sibling);
586 		spin_unlock(&configfs_dirent_lock);
587 		configfs_drop_dentry(sd, dentry);
588 		configfs_put(sd);
589 	}
590 
591 	/**
592 	 * Drop reference from dget() on entrance.
593 	 */
594 	dput(dentry);
595 }
596 
597 static int populate_attrs(struct config_item *item)
598 {
599 	const struct config_item_type *t = item->ci_type;
600 	struct configfs_attribute *attr;
601 	struct configfs_bin_attribute *bin_attr;
602 	int error = 0;
603 	int i;
604 
605 	if (!t)
606 		return -EINVAL;
607 	if (t->ct_attrs) {
608 		for (i = 0; (attr = t->ct_attrs[i]) != NULL; i++) {
609 			if ((error = configfs_create_file(item, attr)))
610 				break;
611 		}
612 	}
613 	if (t->ct_bin_attrs) {
614 		for (i = 0; (bin_attr = t->ct_bin_attrs[i]) != NULL; i++) {
615 			error = configfs_create_bin_file(item, bin_attr);
616 			if (error)
617 				break;
618 		}
619 	}
620 
621 	if (error)
622 		detach_attrs(item);
623 
624 	return error;
625 }
626 
627 static int configfs_attach_group(struct config_item *parent_item,
628 				 struct config_item *item,
629 				 struct dentry *dentry,
630 				 struct configfs_fragment *frag);
631 static void configfs_detach_group(struct config_item *item);
632 
633 static void detach_groups(struct config_group *group)
634 {
635 	struct dentry * dentry = dget(group->cg_item.ci_dentry);
636 	struct dentry *child;
637 	struct configfs_dirent *parent_sd;
638 	struct configfs_dirent *sd, *tmp;
639 
640 	if (!dentry)
641 		return;
642 
643 	parent_sd = dentry->d_fsdata;
644 	list_for_each_entry_safe(sd, tmp, &parent_sd->s_children, s_sibling) {
645 		if (!sd->s_element ||
646 		    !(sd->s_type & CONFIGFS_USET_DEFAULT))
647 			continue;
648 
649 		child = sd->s_dentry;
650 
651 		inode_lock(d_inode(child));
652 
653 		configfs_detach_group(sd->s_element);
654 		d_inode(child)->i_flags |= S_DEAD;
655 		dont_mount(child);
656 
657 		inode_unlock(d_inode(child));
658 
659 		d_delete(child);
660 		dput(child);
661 	}
662 
663 	/**
664 	 * Drop reference from dget() on entrance.
665 	 */
666 	dput(dentry);
667 }
668 
669 /*
670  * This fakes mkdir(2) on a default_groups[] entry.  It
671  * creates a dentry, attachs it, and then does fixup
672  * on the sd->s_type.
673  *
674  * We could, perhaps, tweak our parent's ->mkdir for a minute and
675  * try using vfs_mkdir.  Just a thought.
676  */
677 static int create_default_group(struct config_group *parent_group,
678 				struct config_group *group,
679 				struct configfs_fragment *frag)
680 {
681 	int ret;
682 	struct configfs_dirent *sd;
683 	/* We trust the caller holds a reference to parent */
684 	struct dentry *child, *parent = parent_group->cg_item.ci_dentry;
685 
686 	if (!group->cg_item.ci_name)
687 		group->cg_item.ci_name = group->cg_item.ci_namebuf;
688 
689 	ret = -ENOMEM;
690 	child = d_alloc_name(parent, group->cg_item.ci_name);
691 	if (child) {
692 		d_add(child, NULL);
693 
694 		ret = configfs_attach_group(&parent_group->cg_item,
695 					    &group->cg_item, child, frag);
696 		if (!ret) {
697 			sd = child->d_fsdata;
698 			sd->s_type |= CONFIGFS_USET_DEFAULT;
699 		} else {
700 			BUG_ON(d_inode(child));
701 			d_drop(child);
702 			dput(child);
703 		}
704 	}
705 
706 	return ret;
707 }
708 
709 static int populate_groups(struct config_group *group,
710 			   struct configfs_fragment *frag)
711 {
712 	struct config_group *new_group;
713 	int ret = 0;
714 
715 	list_for_each_entry(new_group, &group->default_groups, group_entry) {
716 		ret = create_default_group(group, new_group, frag);
717 		if (ret) {
718 			detach_groups(group);
719 			break;
720 		}
721 	}
722 
723 	return ret;
724 }
725 
726 void configfs_remove_default_groups(struct config_group *group)
727 {
728 	struct config_group *g, *n;
729 
730 	list_for_each_entry_safe(g, n, &group->default_groups, group_entry) {
731 		list_del(&g->group_entry);
732 		config_item_put(&g->cg_item);
733 	}
734 }
735 EXPORT_SYMBOL(configfs_remove_default_groups);
736 
737 /*
738  * All of link_obj/unlink_obj/link_group/unlink_group require that
739  * subsys->su_mutex is held.
740  */
741 
742 static void unlink_obj(struct config_item *item)
743 {
744 	struct config_group *group;
745 
746 	group = item->ci_group;
747 	if (group) {
748 		list_del_init(&item->ci_entry);
749 
750 		item->ci_group = NULL;
751 		item->ci_parent = NULL;
752 
753 		/* Drop the reference for ci_entry */
754 		config_item_put(item);
755 
756 		/* Drop the reference for ci_parent */
757 		config_group_put(group);
758 	}
759 }
760 
761 static void link_obj(struct config_item *parent_item, struct config_item *item)
762 {
763 	/*
764 	 * Parent seems redundant with group, but it makes certain
765 	 * traversals much nicer.
766 	 */
767 	item->ci_parent = parent_item;
768 
769 	/*
770 	 * We hold a reference on the parent for the child's ci_parent
771 	 * link.
772 	 */
773 	item->ci_group = config_group_get(to_config_group(parent_item));
774 	list_add_tail(&item->ci_entry, &item->ci_group->cg_children);
775 
776 	/*
777 	 * We hold a reference on the child for ci_entry on the parent's
778 	 * cg_children
779 	 */
780 	config_item_get(item);
781 }
782 
783 static void unlink_group(struct config_group *group)
784 {
785 	struct config_group *new_group;
786 
787 	list_for_each_entry(new_group, &group->default_groups, group_entry)
788 		unlink_group(new_group);
789 
790 	group->cg_subsys = NULL;
791 	unlink_obj(&group->cg_item);
792 }
793 
794 static void link_group(struct config_group *parent_group, struct config_group *group)
795 {
796 	struct config_group *new_group;
797 	struct configfs_subsystem *subsys = NULL; /* gcc is a turd */
798 
799 	link_obj(&parent_group->cg_item, &group->cg_item);
800 
801 	if (parent_group->cg_subsys)
802 		subsys = parent_group->cg_subsys;
803 	else if (configfs_is_root(&parent_group->cg_item))
804 		subsys = to_configfs_subsystem(group);
805 	else
806 		BUG();
807 	group->cg_subsys = subsys;
808 
809 	list_for_each_entry(new_group, &group->default_groups, group_entry)
810 		link_group(group, new_group);
811 }
812 
813 /*
814  * The goal is that configfs_attach_item() (and
815  * configfs_attach_group()) can be called from either the VFS or this
816  * module.  That is, they assume that the items have been created,
817  * the dentry allocated, and the dcache is all ready to go.
818  *
819  * If they fail, they must clean up after themselves as if they
820  * had never been called.  The caller (VFS or local function) will
821  * handle cleaning up the dcache bits.
822  *
823  * configfs_detach_group() and configfs_detach_item() behave similarly on
824  * the way out.  They assume that the proper semaphores are held, they
825  * clean up the configfs items, and they expect their callers will
826  * handle the dcache bits.
827  */
828 static int configfs_attach_item(struct config_item *parent_item,
829 				struct config_item *item,
830 				struct dentry *dentry,
831 				struct configfs_fragment *frag)
832 {
833 	int ret;
834 
835 	ret = configfs_create_dir(item, dentry, frag);
836 	if (!ret) {
837 		ret = populate_attrs(item);
838 		if (ret) {
839 			/*
840 			 * We are going to remove an inode and its dentry but
841 			 * the VFS may already have hit and used them. Thus,
842 			 * we must lock them as rmdir() would.
843 			 */
844 			inode_lock(d_inode(dentry));
845 			configfs_remove_dir(item);
846 			d_inode(dentry)->i_flags |= S_DEAD;
847 			dont_mount(dentry);
848 			inode_unlock(d_inode(dentry));
849 			d_delete(dentry);
850 		}
851 	}
852 
853 	return ret;
854 }
855 
856 /* Caller holds the mutex of the item's inode */
857 static void configfs_detach_item(struct config_item *item)
858 {
859 	detach_attrs(item);
860 	configfs_remove_dir(item);
861 }
862 
863 static int configfs_attach_group(struct config_item *parent_item,
864 				 struct config_item *item,
865 				 struct dentry *dentry,
866 				 struct configfs_fragment *frag)
867 {
868 	int ret;
869 	struct configfs_dirent *sd;
870 
871 	ret = configfs_attach_item(parent_item, item, dentry, frag);
872 	if (!ret) {
873 		sd = dentry->d_fsdata;
874 		sd->s_type |= CONFIGFS_USET_DIR;
875 
876 		/*
877 		 * FYI, we're faking mkdir in populate_groups()
878 		 * We must lock the group's inode to avoid races with the VFS
879 		 * which can already hit the inode and try to add/remove entries
880 		 * under it.
881 		 *
882 		 * We must also lock the inode to remove it safely in case of
883 		 * error, as rmdir() would.
884 		 */
885 		inode_lock_nested(d_inode(dentry), I_MUTEX_CHILD);
886 		configfs_adjust_dir_dirent_depth_before_populate(sd);
887 		ret = populate_groups(to_config_group(item), frag);
888 		if (ret) {
889 			configfs_detach_item(item);
890 			d_inode(dentry)->i_flags |= S_DEAD;
891 			dont_mount(dentry);
892 		}
893 		configfs_adjust_dir_dirent_depth_after_populate(sd);
894 		inode_unlock(d_inode(dentry));
895 		if (ret)
896 			d_delete(dentry);
897 	}
898 
899 	return ret;
900 }
901 
902 /* Caller holds the mutex of the group's inode */
903 static void configfs_detach_group(struct config_item *item)
904 {
905 	detach_groups(to_config_group(item));
906 	configfs_detach_item(item);
907 }
908 
909 /*
910  * After the item has been detached from the filesystem view, we are
911  * ready to tear it out of the hierarchy.  Notify the client before
912  * we do that so they can perform any cleanup that requires
913  * navigating the hierarchy.  A client does not need to provide this
914  * callback.  The subsystem semaphore MUST be held by the caller, and
915  * references must be valid for both items.  It also assumes the
916  * caller has validated ci_type.
917  */
918 static void client_disconnect_notify(struct config_item *parent_item,
919 				     struct config_item *item)
920 {
921 	const struct config_item_type *type;
922 
923 	type = parent_item->ci_type;
924 	BUG_ON(!type);
925 
926 	if (type->ct_group_ops && type->ct_group_ops->disconnect_notify)
927 		type->ct_group_ops->disconnect_notify(to_config_group(parent_item),
928 						      item);
929 }
930 
931 /*
932  * Drop the initial reference from make_item()/make_group()
933  * This function assumes that reference is held on item
934  * and that item holds a valid reference to the parent.  Also, it
935  * assumes the caller has validated ci_type.
936  */
937 static void client_drop_item(struct config_item *parent_item,
938 			     struct config_item *item)
939 {
940 	const struct config_item_type *type;
941 
942 	type = parent_item->ci_type;
943 	BUG_ON(!type);
944 
945 	/*
946 	 * If ->drop_item() exists, it is responsible for the
947 	 * config_item_put().
948 	 */
949 	if (type->ct_group_ops && type->ct_group_ops->drop_item)
950 		type->ct_group_ops->drop_item(to_config_group(parent_item),
951 					      item);
952 	else
953 		config_item_put(item);
954 }
955 
956 #ifdef DEBUG
957 static void configfs_dump_one(struct configfs_dirent *sd, int level)
958 {
959 	pr_info("%*s\"%s\":\n", level, " ", configfs_get_name(sd));
960 
961 #define type_print(_type) if (sd->s_type & _type) pr_info("%*s %s\n", level, " ", #_type);
962 	type_print(CONFIGFS_ROOT);
963 	type_print(CONFIGFS_DIR);
964 	type_print(CONFIGFS_ITEM_ATTR);
965 	type_print(CONFIGFS_ITEM_LINK);
966 	type_print(CONFIGFS_USET_DIR);
967 	type_print(CONFIGFS_USET_DEFAULT);
968 	type_print(CONFIGFS_USET_DROPPING);
969 #undef type_print
970 }
971 
972 static int configfs_dump(struct configfs_dirent *sd, int level)
973 {
974 	struct configfs_dirent *child_sd;
975 	int ret = 0;
976 
977 	configfs_dump_one(sd, level);
978 
979 	if (!(sd->s_type & (CONFIGFS_DIR|CONFIGFS_ROOT)))
980 		return 0;
981 
982 	list_for_each_entry(child_sd, &sd->s_children, s_sibling) {
983 		ret = configfs_dump(child_sd, level + 2);
984 		if (ret)
985 			break;
986 	}
987 
988 	return ret;
989 }
990 #endif
991 
992 
993 /*
994  * configfs_depend_item() and configfs_undepend_item()
995  *
996  * WARNING: Do not call these from a configfs callback!
997  *
998  * This describes these functions and their helpers.
999  *
1000  * Allow another kernel system to depend on a config_item.  If this
1001  * happens, the item cannot go away until the dependent can live without
1002  * it.  The idea is to give client modules as simple an interface as
1003  * possible.  When a system asks them to depend on an item, they just
1004  * call configfs_depend_item().  If the item is live and the client
1005  * driver is in good shape, we'll happily do the work for them.
1006  *
1007  * Why is the locking complex?  Because configfs uses the VFS to handle
1008  * all locking, but this function is called outside the normal
1009  * VFS->configfs path.  So it must take VFS locks to prevent the
1010  * VFS->configfs stuff (configfs_mkdir(), configfs_rmdir(), etc).  This is
1011  * why you can't call these functions underneath configfs callbacks.
1012  *
1013  * Note, btw, that this can be called at *any* time, even when a configfs
1014  * subsystem isn't registered, or when configfs is loading or unloading.
1015  * Just like configfs_register_subsystem().  So we take the same
1016  * precautions.  We pin the filesystem.  We lock configfs_dirent_lock.
1017  * If we can find the target item in the
1018  * configfs tree, it must be part of the subsystem tree as well, so we
1019  * do not need the subsystem semaphore.  Holding configfs_dirent_lock helps
1020  * locking out mkdir() and rmdir(), who might be racing us.
1021  */
1022 
1023 /*
1024  * configfs_depend_prep()
1025  *
1026  * Only subdirectories count here.  Files (CONFIGFS_NOT_PINNED) are
1027  * attributes.  This is similar but not the same to configfs_detach_prep().
1028  * Note that configfs_detach_prep() expects the parent to be locked when it
1029  * is called, but we lock the parent *inside* configfs_depend_prep().  We
1030  * do that so we can unlock it if we find nothing.
1031  *
1032  * Here we do a depth-first search of the dentry hierarchy looking for
1033  * our object.
1034  * We deliberately ignore items tagged as dropping since they are virtually
1035  * dead, as well as items in the middle of attachment since they virtually
1036  * do not exist yet. This completes the locking out of racing mkdir() and
1037  * rmdir().
1038  * Note: subdirectories in the middle of attachment start with s_type =
1039  * CONFIGFS_DIR|CONFIGFS_USET_CREATING set by create_dir().  When
1040  * CONFIGFS_USET_CREATING is set, we ignore the item.  The actual set of
1041  * s_type is in configfs_new_dirent(), which has configfs_dirent_lock.
1042  *
1043  * If the target is not found, -ENOENT is bubbled up.
1044  *
1045  * This adds a requirement that all config_items be unique!
1046  *
1047  * This is recursive.  There isn't
1048  * much on the stack, though, so folks that need this function - be careful
1049  * about your stack!  Patches will be accepted to make it iterative.
1050  */
1051 static int configfs_depend_prep(struct dentry *origin,
1052 				struct config_item *target)
1053 {
1054 	struct configfs_dirent *child_sd, *sd;
1055 	int ret = 0;
1056 
1057 	BUG_ON(!origin || !origin->d_fsdata);
1058 	sd = origin->d_fsdata;
1059 
1060 	if (sd->s_element == target)  /* Boo-yah */
1061 		goto out;
1062 
1063 	list_for_each_entry(child_sd, &sd->s_children, s_sibling) {
1064 		if ((child_sd->s_type & CONFIGFS_DIR) &&
1065 		    !(child_sd->s_type & CONFIGFS_USET_DROPPING) &&
1066 		    !(child_sd->s_type & CONFIGFS_USET_CREATING)) {
1067 			ret = configfs_depend_prep(child_sd->s_dentry,
1068 						   target);
1069 			if (!ret)
1070 				goto out;  /* Child path boo-yah */
1071 		}
1072 	}
1073 
1074 	/* We looped all our children and didn't find target */
1075 	ret = -ENOENT;
1076 
1077 out:
1078 	return ret;
1079 }
1080 
1081 static int configfs_do_depend_item(struct dentry *subsys_dentry,
1082 				   struct config_item *target)
1083 {
1084 	struct configfs_dirent *p;
1085 	int ret;
1086 
1087 	spin_lock(&configfs_dirent_lock);
1088 	/* Scan the tree, return 0 if found */
1089 	ret = configfs_depend_prep(subsys_dentry, target);
1090 	if (ret)
1091 		goto out_unlock_dirent_lock;
1092 
1093 	/*
1094 	 * We are sure that the item is not about to be removed by rmdir(), and
1095 	 * not in the middle of attachment by mkdir().
1096 	 */
1097 	p = target->ci_dentry->d_fsdata;
1098 	p->s_dependent_count += 1;
1099 
1100 out_unlock_dirent_lock:
1101 	spin_unlock(&configfs_dirent_lock);
1102 
1103 	return ret;
1104 }
1105 
1106 static inline struct configfs_dirent *
1107 configfs_find_subsys_dentry(struct configfs_dirent *root_sd,
1108 			    struct config_item *subsys_item)
1109 {
1110 	struct configfs_dirent *p;
1111 	struct configfs_dirent *ret = NULL;
1112 
1113 	list_for_each_entry(p, &root_sd->s_children, s_sibling) {
1114 		if (p->s_type & CONFIGFS_DIR &&
1115 		    p->s_element == subsys_item) {
1116 			ret = p;
1117 			break;
1118 		}
1119 	}
1120 
1121 	return ret;
1122 }
1123 
1124 
1125 int configfs_depend_item(struct configfs_subsystem *subsys,
1126 			 struct config_item *target)
1127 {
1128 	int ret;
1129 	struct configfs_dirent *subsys_sd;
1130 	struct config_item *s_item = &subsys->su_group.cg_item;
1131 	struct dentry *root;
1132 
1133 	/*
1134 	 * Pin the configfs filesystem.  This means we can safely access
1135 	 * the root of the configfs filesystem.
1136 	 */
1137 	root = configfs_pin_fs();
1138 	if (IS_ERR(root))
1139 		return PTR_ERR(root);
1140 
1141 	/*
1142 	 * Next, lock the root directory.  We're going to check that the
1143 	 * subsystem is really registered, and so we need to lock out
1144 	 * configfs_[un]register_subsystem().
1145 	 */
1146 	inode_lock(d_inode(root));
1147 
1148 	subsys_sd = configfs_find_subsys_dentry(root->d_fsdata, s_item);
1149 	if (!subsys_sd) {
1150 		ret = -ENOENT;
1151 		goto out_unlock_fs;
1152 	}
1153 
1154 	/* Ok, now we can trust subsys/s_item */
1155 	ret = configfs_do_depend_item(subsys_sd->s_dentry, target);
1156 
1157 out_unlock_fs:
1158 	inode_unlock(d_inode(root));
1159 
1160 	/*
1161 	 * If we succeeded, the fs is pinned via other methods.  If not,
1162 	 * we're done with it anyway.  So release_fs() is always right.
1163 	 */
1164 	configfs_release_fs();
1165 
1166 	return ret;
1167 }
1168 EXPORT_SYMBOL(configfs_depend_item);
1169 
1170 /*
1171  * Release the dependent linkage.  This is much simpler than
1172  * configfs_depend_item() because we know that the client driver is
1173  * pinned, thus the subsystem is pinned, and therefore configfs is pinned.
1174  */
1175 void configfs_undepend_item(struct config_item *target)
1176 {
1177 	struct configfs_dirent *sd;
1178 
1179 	/*
1180 	 * Since we can trust everything is pinned, we just need
1181 	 * configfs_dirent_lock.
1182 	 */
1183 	spin_lock(&configfs_dirent_lock);
1184 
1185 	sd = target->ci_dentry->d_fsdata;
1186 	BUG_ON(sd->s_dependent_count < 1);
1187 
1188 	sd->s_dependent_count -= 1;
1189 
1190 	/*
1191 	 * After this unlock, we cannot trust the item to stay alive!
1192 	 * DO NOT REFERENCE item after this unlock.
1193 	 */
1194 	spin_unlock(&configfs_dirent_lock);
1195 }
1196 EXPORT_SYMBOL(configfs_undepend_item);
1197 
1198 /*
1199  * caller_subsys is a caller's subsystem not target's. This is used to
1200  * determine if we should lock root and check subsys or not. When we are
1201  * in the same subsystem as our target there is no need to do locking as
1202  * we know that subsys is valid and is not unregistered during this function
1203  * as we are called from callback of one of his children and VFS holds a lock
1204  * on some inode. Otherwise we have to lock our root to  ensure that target's
1205  * subsystem it is not unregistered during this function.
1206  */
1207 int configfs_depend_item_unlocked(struct configfs_subsystem *caller_subsys,
1208 				  struct config_item *target)
1209 {
1210 	struct configfs_subsystem *target_subsys;
1211 	struct config_group *root, *parent;
1212 	struct configfs_dirent *subsys_sd;
1213 	int ret = -ENOENT;
1214 
1215 	/* Disallow this function for configfs root */
1216 	if (configfs_is_root(target))
1217 		return -EINVAL;
1218 
1219 	parent = target->ci_group;
1220 	/*
1221 	 * This may happen when someone is trying to depend root
1222 	 * directory of some subsystem
1223 	 */
1224 	if (configfs_is_root(&parent->cg_item)) {
1225 		target_subsys = to_configfs_subsystem(to_config_group(target));
1226 		root = parent;
1227 	} else {
1228 		target_subsys = parent->cg_subsys;
1229 		/* Find a cofnigfs root as we may need it for locking */
1230 		for (root = parent; !configfs_is_root(&root->cg_item);
1231 		     root = root->cg_item.ci_group)
1232 			;
1233 	}
1234 
1235 	if (target_subsys != caller_subsys) {
1236 		/*
1237 		 * We are in other configfs subsystem, so we have to do
1238 		 * additional locking to prevent other subsystem from being
1239 		 * unregistered
1240 		 */
1241 		inode_lock(d_inode(root->cg_item.ci_dentry));
1242 
1243 		/*
1244 		 * As we are trying to depend item from other subsystem
1245 		 * we have to check if this subsystem is still registered
1246 		 */
1247 		subsys_sd = configfs_find_subsys_dentry(
1248 				root->cg_item.ci_dentry->d_fsdata,
1249 				&target_subsys->su_group.cg_item);
1250 		if (!subsys_sd)
1251 			goto out_root_unlock;
1252 	} else {
1253 		subsys_sd = target_subsys->su_group.cg_item.ci_dentry->d_fsdata;
1254 	}
1255 
1256 	/* Now we can execute core of depend item */
1257 	ret = configfs_do_depend_item(subsys_sd->s_dentry, target);
1258 
1259 	if (target_subsys != caller_subsys)
1260 out_root_unlock:
1261 		/*
1262 		 * We were called from subsystem other than our target so we
1263 		 * took some locks so now it's time to release them
1264 		 */
1265 		inode_unlock(d_inode(root->cg_item.ci_dentry));
1266 
1267 	return ret;
1268 }
1269 EXPORT_SYMBOL(configfs_depend_item_unlocked);
1270 
1271 static int configfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
1272 			  struct dentry *dentry, umode_t mode)
1273 {
1274 	int ret = 0;
1275 	int module_got = 0;
1276 	struct config_group *group = NULL;
1277 	struct config_item *item = NULL;
1278 	struct config_item *parent_item;
1279 	struct configfs_subsystem *subsys;
1280 	struct configfs_dirent *sd;
1281 	const struct config_item_type *type;
1282 	struct module *subsys_owner = NULL, *new_item_owner = NULL;
1283 	struct configfs_fragment *frag;
1284 	char *name;
1285 
1286 	sd = dentry->d_parent->d_fsdata;
1287 
1288 	/*
1289 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
1290 	 * being attached
1291 	 */
1292 	if (!configfs_dirent_is_ready(sd)) {
1293 		ret = -ENOENT;
1294 		goto out;
1295 	}
1296 
1297 	if (!(sd->s_type & CONFIGFS_USET_DIR)) {
1298 		ret = -EPERM;
1299 		goto out;
1300 	}
1301 
1302 	frag = new_fragment();
1303 	if (!frag) {
1304 		ret = -ENOMEM;
1305 		goto out;
1306 	}
1307 
1308 	/* Get a working ref for the duration of this function */
1309 	parent_item = configfs_get_config_item(dentry->d_parent);
1310 	type = parent_item->ci_type;
1311 	subsys = to_config_group(parent_item)->cg_subsys;
1312 	BUG_ON(!subsys);
1313 
1314 	if (!type || !type->ct_group_ops ||
1315 	    (!type->ct_group_ops->make_group &&
1316 	     !type->ct_group_ops->make_item)) {
1317 		ret = -EPERM;  /* Lack-of-mkdir returns -EPERM */
1318 		goto out_put;
1319 	}
1320 
1321 	/*
1322 	 * The subsystem may belong to a different module than the item
1323 	 * being created.  We don't want to safely pin the new item but
1324 	 * fail to pin the subsystem it sits under.
1325 	 */
1326 	if (!subsys->su_group.cg_item.ci_type) {
1327 		ret = -EINVAL;
1328 		goto out_put;
1329 	}
1330 	subsys_owner = subsys->su_group.cg_item.ci_type->ct_owner;
1331 	if (!try_module_get(subsys_owner)) {
1332 		ret = -EINVAL;
1333 		goto out_put;
1334 	}
1335 
1336 	name = kmalloc(dentry->d_name.len + 1, GFP_KERNEL);
1337 	if (!name) {
1338 		ret = -ENOMEM;
1339 		goto out_subsys_put;
1340 	}
1341 
1342 	snprintf(name, dentry->d_name.len + 1, "%s", dentry->d_name.name);
1343 
1344 	mutex_lock(&subsys->su_mutex);
1345 	if (type->ct_group_ops->make_group) {
1346 		group = type->ct_group_ops->make_group(to_config_group(parent_item), name);
1347 		if (!group)
1348 			group = ERR_PTR(-ENOMEM);
1349 		if (!IS_ERR(group)) {
1350 			link_group(to_config_group(parent_item), group);
1351 			item = &group->cg_item;
1352 		} else
1353 			ret = PTR_ERR(group);
1354 	} else {
1355 		item = type->ct_group_ops->make_item(to_config_group(parent_item), name);
1356 		if (!item)
1357 			item = ERR_PTR(-ENOMEM);
1358 		if (!IS_ERR(item))
1359 			link_obj(parent_item, item);
1360 		else
1361 			ret = PTR_ERR(item);
1362 	}
1363 	mutex_unlock(&subsys->su_mutex);
1364 
1365 	kfree(name);
1366 	if (ret) {
1367 		/*
1368 		 * If ret != 0, then link_obj() was never called.
1369 		 * There are no extra references to clean up.
1370 		 */
1371 		goto out_subsys_put;
1372 	}
1373 
1374 	/*
1375 	 * link_obj() has been called (via link_group() for groups).
1376 	 * From here on out, errors must clean that up.
1377 	 */
1378 
1379 	type = item->ci_type;
1380 	if (!type) {
1381 		ret = -EINVAL;
1382 		goto out_unlink;
1383 	}
1384 
1385 	new_item_owner = type->ct_owner;
1386 	if (!try_module_get(new_item_owner)) {
1387 		ret = -EINVAL;
1388 		goto out_unlink;
1389 	}
1390 
1391 	/*
1392 	 * I hate doing it this way, but if there is
1393 	 * an error,  module_put() probably should
1394 	 * happen after any cleanup.
1395 	 */
1396 	module_got = 1;
1397 
1398 	/*
1399 	 * Make racing rmdir() fail if it did not tag parent with
1400 	 * CONFIGFS_USET_DROPPING
1401 	 * Note: if CONFIGFS_USET_DROPPING is already set, attach_group() will
1402 	 * fail and let rmdir() terminate correctly
1403 	 */
1404 	spin_lock(&configfs_dirent_lock);
1405 	/* This will make configfs_detach_prep() fail */
1406 	sd->s_type |= CONFIGFS_USET_IN_MKDIR;
1407 	spin_unlock(&configfs_dirent_lock);
1408 
1409 	if (group)
1410 		ret = configfs_attach_group(parent_item, item, dentry, frag);
1411 	else
1412 		ret = configfs_attach_item(parent_item, item, dentry, frag);
1413 
1414 	spin_lock(&configfs_dirent_lock);
1415 	sd->s_type &= ~CONFIGFS_USET_IN_MKDIR;
1416 	if (!ret)
1417 		configfs_dir_set_ready(dentry->d_fsdata);
1418 	spin_unlock(&configfs_dirent_lock);
1419 
1420 out_unlink:
1421 	if (ret) {
1422 		/* Tear down everything we built up */
1423 		mutex_lock(&subsys->su_mutex);
1424 
1425 		client_disconnect_notify(parent_item, item);
1426 		if (group)
1427 			unlink_group(group);
1428 		else
1429 			unlink_obj(item);
1430 		client_drop_item(parent_item, item);
1431 
1432 		mutex_unlock(&subsys->su_mutex);
1433 
1434 		if (module_got)
1435 			module_put(new_item_owner);
1436 	}
1437 
1438 out_subsys_put:
1439 	if (ret)
1440 		module_put(subsys_owner);
1441 
1442 out_put:
1443 	/*
1444 	 * link_obj()/link_group() took a reference from child->parent,
1445 	 * so the parent is safely pinned.  We can drop our working
1446 	 * reference.
1447 	 */
1448 	config_item_put(parent_item);
1449 	put_fragment(frag);
1450 
1451 out:
1452 	return ret;
1453 }
1454 
1455 static int configfs_rmdir(struct inode *dir, struct dentry *dentry)
1456 {
1457 	struct config_item *parent_item;
1458 	struct config_item *item;
1459 	struct configfs_subsystem *subsys;
1460 	struct configfs_dirent *sd;
1461 	struct configfs_fragment *frag;
1462 	struct module *subsys_owner = NULL, *dead_item_owner = NULL;
1463 	int ret;
1464 
1465 	sd = dentry->d_fsdata;
1466 	if (sd->s_type & CONFIGFS_USET_DEFAULT)
1467 		return -EPERM;
1468 
1469 	/* Get a working ref until we have the child */
1470 	parent_item = configfs_get_config_item(dentry->d_parent);
1471 	subsys = to_config_group(parent_item)->cg_subsys;
1472 	BUG_ON(!subsys);
1473 
1474 	if (!parent_item->ci_type) {
1475 		config_item_put(parent_item);
1476 		return -EINVAL;
1477 	}
1478 
1479 	/* configfs_mkdir() shouldn't have allowed this */
1480 	BUG_ON(!subsys->su_group.cg_item.ci_type);
1481 	subsys_owner = subsys->su_group.cg_item.ci_type->ct_owner;
1482 
1483 	/*
1484 	 * Ensure that no racing symlink() will make detach_prep() fail while
1485 	 * the new link is temporarily attached
1486 	 */
1487 	do {
1488 		struct dentry *wait;
1489 
1490 		mutex_lock(&configfs_symlink_mutex);
1491 		spin_lock(&configfs_dirent_lock);
1492 		/*
1493 		 * Here's where we check for dependents.  We're protected by
1494 		 * configfs_dirent_lock.
1495 		 * If no dependent, atomically tag the item as dropping.
1496 		 */
1497 		ret = sd->s_dependent_count ? -EBUSY : 0;
1498 		if (!ret) {
1499 			ret = configfs_detach_prep(dentry, &wait);
1500 			if (ret)
1501 				configfs_detach_rollback(dentry);
1502 		}
1503 		spin_unlock(&configfs_dirent_lock);
1504 		mutex_unlock(&configfs_symlink_mutex);
1505 
1506 		if (ret) {
1507 			if (ret != -EAGAIN) {
1508 				config_item_put(parent_item);
1509 				return ret;
1510 			}
1511 
1512 			/* Wait until the racing operation terminates */
1513 			inode_lock(d_inode(wait));
1514 			inode_unlock(d_inode(wait));
1515 			dput(wait);
1516 		}
1517 	} while (ret == -EAGAIN);
1518 
1519 	frag = sd->s_frag;
1520 	if (down_write_killable(&frag->frag_sem)) {
1521 		spin_lock(&configfs_dirent_lock);
1522 		configfs_detach_rollback(dentry);
1523 		spin_unlock(&configfs_dirent_lock);
1524 		config_item_put(parent_item);
1525 		return -EINTR;
1526 	}
1527 	frag->frag_dead = true;
1528 	up_write(&frag->frag_sem);
1529 
1530 	/* Get a working ref for the duration of this function */
1531 	item = configfs_get_config_item(dentry);
1532 
1533 	/* Drop reference from above, item already holds one. */
1534 	config_item_put(parent_item);
1535 
1536 	if (item->ci_type)
1537 		dead_item_owner = item->ci_type->ct_owner;
1538 
1539 	if (sd->s_type & CONFIGFS_USET_DIR) {
1540 		configfs_detach_group(item);
1541 
1542 		mutex_lock(&subsys->su_mutex);
1543 		client_disconnect_notify(parent_item, item);
1544 		unlink_group(to_config_group(item));
1545 	} else {
1546 		configfs_detach_item(item);
1547 
1548 		mutex_lock(&subsys->su_mutex);
1549 		client_disconnect_notify(parent_item, item);
1550 		unlink_obj(item);
1551 	}
1552 
1553 	client_drop_item(parent_item, item);
1554 	mutex_unlock(&subsys->su_mutex);
1555 
1556 	/* Drop our reference from above */
1557 	config_item_put(item);
1558 
1559 	module_put(dead_item_owner);
1560 	module_put(subsys_owner);
1561 
1562 	return 0;
1563 }
1564 
1565 const struct inode_operations configfs_dir_inode_operations = {
1566 	.mkdir		= configfs_mkdir,
1567 	.rmdir		= configfs_rmdir,
1568 	.symlink	= configfs_symlink,
1569 	.unlink		= configfs_unlink,
1570 	.lookup		= configfs_lookup,
1571 	.setattr	= configfs_setattr,
1572 };
1573 
1574 const struct inode_operations configfs_root_inode_operations = {
1575 	.lookup		= configfs_lookup,
1576 	.setattr	= configfs_setattr,
1577 };
1578 
1579 static int configfs_dir_open(struct inode *inode, struct file *file)
1580 {
1581 	struct dentry * dentry = file->f_path.dentry;
1582 	struct configfs_dirent * parent_sd = dentry->d_fsdata;
1583 	int err;
1584 
1585 	inode_lock(d_inode(dentry));
1586 	/*
1587 	 * Fake invisibility if dir belongs to a group/default groups hierarchy
1588 	 * being attached
1589 	 */
1590 	err = -ENOENT;
1591 	if (configfs_dirent_is_ready(parent_sd)) {
1592 		file->private_data = configfs_new_dirent(parent_sd, NULL, 0, NULL);
1593 		if (IS_ERR(file->private_data))
1594 			err = PTR_ERR(file->private_data);
1595 		else
1596 			err = 0;
1597 	}
1598 	inode_unlock(d_inode(dentry));
1599 
1600 	return err;
1601 }
1602 
1603 static int configfs_dir_close(struct inode *inode, struct file *file)
1604 {
1605 	struct dentry * dentry = file->f_path.dentry;
1606 	struct configfs_dirent * cursor = file->private_data;
1607 
1608 	inode_lock(d_inode(dentry));
1609 	spin_lock(&configfs_dirent_lock);
1610 	list_del_init(&cursor->s_sibling);
1611 	spin_unlock(&configfs_dirent_lock);
1612 	inode_unlock(d_inode(dentry));
1613 
1614 	release_configfs_dirent(cursor);
1615 
1616 	return 0;
1617 }
1618 
1619 /* Relationship between s_mode and the DT_xxx types */
1620 static inline unsigned char dt_type(struct configfs_dirent *sd)
1621 {
1622 	return (sd->s_mode >> 12) & 15;
1623 }
1624 
1625 static int configfs_readdir(struct file *file, struct dir_context *ctx)
1626 {
1627 	struct dentry *dentry = file->f_path.dentry;
1628 	struct super_block *sb = dentry->d_sb;
1629 	struct configfs_dirent * parent_sd = dentry->d_fsdata;
1630 	struct configfs_dirent *cursor = file->private_data;
1631 	struct list_head *p, *q = &cursor->s_sibling;
1632 	ino_t ino = 0;
1633 
1634 	if (!dir_emit_dots(file, ctx))
1635 		return 0;
1636 	spin_lock(&configfs_dirent_lock);
1637 	if (ctx->pos == 2)
1638 		list_move(q, &parent_sd->s_children);
1639 	for (p = q->next; p != &parent_sd->s_children; p = p->next) {
1640 		struct configfs_dirent *next;
1641 		const char *name;
1642 		int len;
1643 		struct inode *inode = NULL;
1644 
1645 		next = list_entry(p, struct configfs_dirent, s_sibling);
1646 		if (!next->s_element)
1647 			continue;
1648 
1649 		/*
1650 		 * We'll have a dentry and an inode for
1651 		 * PINNED items and for open attribute
1652 		 * files.  We lock here to prevent a race
1653 		 * with configfs_d_iput() clearing
1654 		 * s_dentry before calling iput().
1655 		 *
1656 		 * Why do we go to the trouble?  If
1657 		 * someone has an attribute file open,
1658 		 * the inode number should match until
1659 		 * they close it.  Beyond that, we don't
1660 		 * care.
1661 		 */
1662 		dentry = next->s_dentry;
1663 		if (dentry)
1664 			inode = d_inode(dentry);
1665 		if (inode)
1666 			ino = inode->i_ino;
1667 		spin_unlock(&configfs_dirent_lock);
1668 		if (!inode)
1669 			ino = iunique(sb, 2);
1670 
1671 		name = configfs_get_name(next);
1672 		len = strlen(name);
1673 
1674 		if (!dir_emit(ctx, name, len, ino, dt_type(next)))
1675 			return 0;
1676 
1677 		spin_lock(&configfs_dirent_lock);
1678 		list_move(q, p);
1679 		p = q;
1680 		ctx->pos++;
1681 	}
1682 	spin_unlock(&configfs_dirent_lock);
1683 	return 0;
1684 }
1685 
1686 static loff_t configfs_dir_lseek(struct file *file, loff_t offset, int whence)
1687 {
1688 	struct dentry * dentry = file->f_path.dentry;
1689 
1690 	switch (whence) {
1691 		case 1:
1692 			offset += file->f_pos;
1693 			fallthrough;
1694 		case 0:
1695 			if (offset >= 0)
1696 				break;
1697 			fallthrough;
1698 		default:
1699 			return -EINVAL;
1700 	}
1701 	if (offset != file->f_pos) {
1702 		file->f_pos = offset;
1703 		if (file->f_pos >= 2) {
1704 			struct configfs_dirent *sd = dentry->d_fsdata;
1705 			struct configfs_dirent *cursor = file->private_data;
1706 			struct list_head *p;
1707 			loff_t n = file->f_pos - 2;
1708 
1709 			spin_lock(&configfs_dirent_lock);
1710 			list_del(&cursor->s_sibling);
1711 			p = sd->s_children.next;
1712 			while (n && p != &sd->s_children) {
1713 				struct configfs_dirent *next;
1714 				next = list_entry(p, struct configfs_dirent,
1715 						   s_sibling);
1716 				if (next->s_element)
1717 					n--;
1718 				p = p->next;
1719 			}
1720 			list_add_tail(&cursor->s_sibling, p);
1721 			spin_unlock(&configfs_dirent_lock);
1722 		}
1723 	}
1724 	return offset;
1725 }
1726 
1727 const struct file_operations configfs_dir_operations = {
1728 	.open		= configfs_dir_open,
1729 	.release	= configfs_dir_close,
1730 	.llseek		= configfs_dir_lseek,
1731 	.read		= generic_read_dir,
1732 	.iterate_shared	= configfs_readdir,
1733 };
1734 
1735 /**
1736  * configfs_register_group - creates a parent-child relation between two groups
1737  * @parent_group:	parent group
1738  * @group:		child group
1739  *
1740  * link groups, creates dentry for the child and attaches it to the
1741  * parent dentry.
1742  *
1743  * Return: 0 on success, negative errno code on error
1744  */
1745 int configfs_register_group(struct config_group *parent_group,
1746 			    struct config_group *group)
1747 {
1748 	struct configfs_subsystem *subsys = parent_group->cg_subsys;
1749 	struct dentry *parent;
1750 	struct configfs_fragment *frag;
1751 	int ret;
1752 
1753 	frag = new_fragment();
1754 	if (!frag)
1755 		return -ENOMEM;
1756 
1757 	mutex_lock(&subsys->su_mutex);
1758 	link_group(parent_group, group);
1759 	mutex_unlock(&subsys->su_mutex);
1760 
1761 	parent = parent_group->cg_item.ci_dentry;
1762 
1763 	inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
1764 	ret = create_default_group(parent_group, group, frag);
1765 	if (ret)
1766 		goto err_out;
1767 
1768 	spin_lock(&configfs_dirent_lock);
1769 	configfs_dir_set_ready(group->cg_item.ci_dentry->d_fsdata);
1770 	spin_unlock(&configfs_dirent_lock);
1771 	inode_unlock(d_inode(parent));
1772 	put_fragment(frag);
1773 	return 0;
1774 err_out:
1775 	inode_unlock(d_inode(parent));
1776 	mutex_lock(&subsys->su_mutex);
1777 	unlink_group(group);
1778 	mutex_unlock(&subsys->su_mutex);
1779 	put_fragment(frag);
1780 	return ret;
1781 }
1782 EXPORT_SYMBOL(configfs_register_group);
1783 
1784 /**
1785  * configfs_unregister_group() - unregisters a child group from its parent
1786  * @group: parent group to be unregistered
1787  *
1788  * Undoes configfs_register_group()
1789  */
1790 void configfs_unregister_group(struct config_group *group)
1791 {
1792 	struct configfs_subsystem *subsys = group->cg_subsys;
1793 	struct dentry *dentry = group->cg_item.ci_dentry;
1794 	struct dentry *parent = group->cg_item.ci_parent->ci_dentry;
1795 	struct configfs_dirent *sd = dentry->d_fsdata;
1796 	struct configfs_fragment *frag = sd->s_frag;
1797 
1798 	down_write(&frag->frag_sem);
1799 	frag->frag_dead = true;
1800 	up_write(&frag->frag_sem);
1801 
1802 	inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
1803 	spin_lock(&configfs_dirent_lock);
1804 	configfs_detach_prep(dentry, NULL);
1805 	spin_unlock(&configfs_dirent_lock);
1806 
1807 	configfs_detach_group(&group->cg_item);
1808 	d_inode(dentry)->i_flags |= S_DEAD;
1809 	dont_mount(dentry);
1810 	fsnotify_rmdir(d_inode(parent), dentry);
1811 	d_delete(dentry);
1812 	inode_unlock(d_inode(parent));
1813 
1814 	dput(dentry);
1815 
1816 	mutex_lock(&subsys->su_mutex);
1817 	unlink_group(group);
1818 	mutex_unlock(&subsys->su_mutex);
1819 }
1820 EXPORT_SYMBOL(configfs_unregister_group);
1821 
1822 /**
1823  * configfs_register_default_group() - allocates and registers a child group
1824  * @parent_group:	parent group
1825  * @name:		child group name
1826  * @item_type:		child item type description
1827  *
1828  * boilerplate to allocate and register a child group with its parent. We need
1829  * kzalloc'ed memory because child's default_group is initially empty.
1830  *
1831  * Return: allocated config group or ERR_PTR() on error
1832  */
1833 struct config_group *
1834 configfs_register_default_group(struct config_group *parent_group,
1835 				const char *name,
1836 				const struct config_item_type *item_type)
1837 {
1838 	int ret;
1839 	struct config_group *group;
1840 
1841 	group = kzalloc(sizeof(*group), GFP_KERNEL);
1842 	if (!group)
1843 		return ERR_PTR(-ENOMEM);
1844 	config_group_init_type_name(group, name, item_type);
1845 
1846 	ret = configfs_register_group(parent_group, group);
1847 	if (ret) {
1848 		kfree(group);
1849 		return ERR_PTR(ret);
1850 	}
1851 	return group;
1852 }
1853 EXPORT_SYMBOL(configfs_register_default_group);
1854 
1855 /**
1856  * configfs_unregister_default_group() - unregisters and frees a child group
1857  * @group:	the group to act on
1858  */
1859 void configfs_unregister_default_group(struct config_group *group)
1860 {
1861 	configfs_unregister_group(group);
1862 	kfree(group);
1863 }
1864 EXPORT_SYMBOL(configfs_unregister_default_group);
1865 
1866 int configfs_register_subsystem(struct configfs_subsystem *subsys)
1867 {
1868 	int err;
1869 	struct config_group *group = &subsys->su_group;
1870 	struct dentry *dentry;
1871 	struct dentry *root;
1872 	struct configfs_dirent *sd;
1873 	struct configfs_fragment *frag;
1874 
1875 	frag = new_fragment();
1876 	if (!frag)
1877 		return -ENOMEM;
1878 
1879 	root = configfs_pin_fs();
1880 	if (IS_ERR(root)) {
1881 		put_fragment(frag);
1882 		return PTR_ERR(root);
1883 	}
1884 
1885 	if (!group->cg_item.ci_name)
1886 		group->cg_item.ci_name = group->cg_item.ci_namebuf;
1887 
1888 	sd = root->d_fsdata;
1889 	link_group(to_config_group(sd->s_element), group);
1890 
1891 	inode_lock_nested(d_inode(root), I_MUTEX_PARENT);
1892 
1893 	err = -ENOMEM;
1894 	dentry = d_alloc_name(root, group->cg_item.ci_name);
1895 	if (dentry) {
1896 		d_add(dentry, NULL);
1897 
1898 		err = configfs_attach_group(sd->s_element, &group->cg_item,
1899 					    dentry, frag);
1900 		if (err) {
1901 			BUG_ON(d_inode(dentry));
1902 			d_drop(dentry);
1903 			dput(dentry);
1904 		} else {
1905 			spin_lock(&configfs_dirent_lock);
1906 			configfs_dir_set_ready(dentry->d_fsdata);
1907 			spin_unlock(&configfs_dirent_lock);
1908 		}
1909 	}
1910 
1911 	inode_unlock(d_inode(root));
1912 
1913 	if (err) {
1914 		unlink_group(group);
1915 		configfs_release_fs();
1916 	}
1917 	put_fragment(frag);
1918 
1919 	return err;
1920 }
1921 
1922 void configfs_unregister_subsystem(struct configfs_subsystem *subsys)
1923 {
1924 	struct config_group *group = &subsys->su_group;
1925 	struct dentry *dentry = group->cg_item.ci_dentry;
1926 	struct dentry *root = dentry->d_sb->s_root;
1927 	struct configfs_dirent *sd = dentry->d_fsdata;
1928 	struct configfs_fragment *frag = sd->s_frag;
1929 
1930 	if (dentry->d_parent != root) {
1931 		pr_err("Tried to unregister non-subsystem!\n");
1932 		return;
1933 	}
1934 
1935 	down_write(&frag->frag_sem);
1936 	frag->frag_dead = true;
1937 	up_write(&frag->frag_sem);
1938 
1939 	inode_lock_nested(d_inode(root),
1940 			  I_MUTEX_PARENT);
1941 	inode_lock_nested(d_inode(dentry), I_MUTEX_CHILD);
1942 	mutex_lock(&configfs_symlink_mutex);
1943 	spin_lock(&configfs_dirent_lock);
1944 	if (configfs_detach_prep(dentry, NULL)) {
1945 		pr_err("Tried to unregister non-empty subsystem!\n");
1946 	}
1947 	spin_unlock(&configfs_dirent_lock);
1948 	mutex_unlock(&configfs_symlink_mutex);
1949 	configfs_detach_group(&group->cg_item);
1950 	d_inode(dentry)->i_flags |= S_DEAD;
1951 	dont_mount(dentry);
1952 	fsnotify_rmdir(d_inode(root), dentry);
1953 	inode_unlock(d_inode(dentry));
1954 
1955 	d_delete(dentry);
1956 
1957 	inode_unlock(d_inode(root));
1958 
1959 	dput(dentry);
1960 
1961 	unlink_group(group);
1962 	configfs_release_fs();
1963 }
1964 
1965 EXPORT_SYMBOL(configfs_register_subsystem);
1966 EXPORT_SYMBOL(configfs_unregister_subsystem);
1967